#!/usr/bin/env bash
# desc start - wget https://hello.fe80.cn/bash/canola.sh && bash canola.sh
# date;2020-0412
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
cur_dir=$(pwd)
domain="fe80.cn"

Color_Text()
{
    echo -e " \e[0;$2m$1\e[0m"
}

Echo_Red()
{
    echo $(Color_Text "$1" "31")
}

Echo_Green()
{
    echo $(Color_Text "$1" "32")
}

Echo_Yellow()
{
    echo $(Color_Text "$1" "33")
}

Echo_Blue()
{
    echo $(Color_Text "$1" "34")
}

if [ ! -f "/root/.ssh/id_rsa" ];then
    Echo_Yellow "[NOTICE] 请先配置秘钥"
    Echo_Yellow "vim /root/.ssh/id_rsa"
    Echo_Yellow "chmod 600 /root/.ssh/id_rsa"
    exit 1
fi

if [ ! -d "/home/wwwroot/canola" ];then
    cd /home/wwwroot
    git clone git@gitee.com:linzening/canola.git
    chown www.www canola -R
    cd canola
    cat > .env<<EOF
app_debug=true
EOF
    #配置数据库文件
    if [ ! -f "config/database.php" ];then
        cp config/database.php.example config/database.php
    fi
    #重新配置PHP
    # 取消禁用函数proc_open、proc_get_status、popen
    #composer自动安装
    Echo_Blue "[INFO] 安装composer..."
    composer config -g repo.packagist composer https://mirrors.aliyun.com/composer/
    composer install
    chown www.www * -R
fi

# Echo_Blue "[INFO] 配置Nginx..."
# if [ ! -f "/usr/local/nginx/conf/vhost/i.fe80.cn.conf" ];then
#     cat > /usr/local/nginx/conf/vhost/i.fe80.cn.conf<<EOF
# server
#     {
#         listen 80;
#         listen [::]:80;
#         server_name i.fe80.cn;
#         index index.html index.htm index.php default.html default.htm default.php;
#         root  /home/wwwroot/canola/public;
#         if (\$http_user_agent ~* (Scrapy|Curl|HttpClient|Hacker|Creaker|MSIE|Edge|Trident)) {
#             rewrite  ^(.*)\$  /deny  last;
#         }
#         # include vhost/block*.conf;
#         include /home/wwwroot/canola/extend/admin/block*.conf;
#         include rewrite/thinkphp.conf;
#         #error_page   404   /404.html;

#         # Deny access to PHP files in specific directory
#         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php\$ { deny all; }

#         include enable-php-pathinfo.conf;

#         location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$
#         {
#             expires      30d;
#         }

#         location ~ .*\.(js|css)?\$
#         {
#             expires      12h;
#         }

#         location ~ /.well-known {
#             allow all;
#         }

#         location ~ /\.
#         {
#             deny all;
#         }
#         # 可直接打印当前Nginx日志
#         location /log {
#             default_type text/html;
#             return 200 '\$remote_addr - \$remote_user [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" "\$http_x_forwarded_for"';
#         }
#         access_log  /home/wwwlogs/i.fe80.cn.log;
#     }
# EOF
#     service nginx reload
# fi

# read -p "[+input]: 是否安装HTTPS? y/n：" callable1
# if [ "$callable1" = "y" ]; then
#     # https
#     if [ ! -f "/usr/local/nginx/conf/vhost/i.fe80.cn.s.conf" ];then
#         if [ ! -d "/usr/local/nginx/conf/ssl" ];then
#             mkdir /usr/local/nginx/conf/ssl
#         fi
#         if [ ! -f "/usr/local/nginx/conf/ssl/dhparam.pem" ];then
#             openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
#         fi
#         cat > /usr/local/nginx/conf/vhost/i.fe80.cn.s.conf<<EOF
# server
#     {
#         listen 443 ssl http2;
#         listen [::]:443 ssl http2;
#         server_name i.fe80.cn;
#         index index.html index.htm index.php default.html default.htm default.php;
#         root  /home/wwwroot/canola/public;
#         if (\$http_user_agent ~* (Scrapy|Curl|HttpClient|Hacker|Creaker|MSIE|Edge|Trident)) {
#             rewrite  ^(.*)\$  /deny  last;
#         }
#         # include vhost/block*.conf;
#         include /home/wwwroot/canola/extend/admin/block*.conf;
#         include rewrite/thinkphp.conf;
#         #error_page   404   /404.html;

#         ssl_certificate /usr/local/nginx/conf/ssl/i.fe80.cn.s.crt;
#         ssl_certificate_key /usr/local/nginx/conf/ssl/i.fe80.cn.s.key;
#         ssl_session_timeout 5m;
#         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#         ssl_prefer_server_ciphers on;
#         ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
#         ssl_session_cache builtin:1000 shared:SSL:10m;
#         # 执行命令openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
#         ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

#         include enable-php-pathinfo.conf;

#         location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$
#         {
#             expires      30d;
#         }

#         location ~ .*\.(js|css)?\$
#         {
#             expires      12h;
#         }

#         location ~ /.well-known {
#             allow all;
#         }

#         location ~ /\.
#         {
#             deny all;
#         }
#         access_log  /home/wwwlogs/i.fe80.cn.s.log;
#     }
# EOF
#         if [ ! -f "/usr/local/nginx/conf/ssl/i.fe80.cn.s.crt" ];then
#             Echo_Yellow "证书位置： /usr/local/nginx/conf/ssl/i.fe80.cn.s.crt"
#         fi
#         if [ ! -f "/usr/local/nginx/conf/ssl/i.fe80.cn.s.crt" ];then
#             Echo_Yellow "证书位置： /usr/local/nginx/conf/ssl/i.fe80.cn.s.key"
#         fi
#     fi
# fi

if [ ! -f "/home/wwwroot/canola/public/uploads/mmdb/ipv6wry.db" ];then
    cd /home/wwwroot/canola/public/uploads/mmdb/ && wget https://cdn.fe80.cn/res/ipv6wry.db
fi

# 定时备份数据库任务
# if [ ! -f "/data/cron/alioss.py" ];then
#     if [ ! -d "/data/cron" ];then
#         mkdir /data/cron -p
#     fi
#     cat > /data/cron/alioss.py<<EOF
# #!/usr/bin/env python
# # -*- coding: utf-8 -*-
# # 这个文件是用来备份数据库到阿里云OSS的。在Python3环境下运行
# import oss2,requests,os,datetime,time,socket,sys
# host = socket.gethostname()
# timestr=datetime.datetime.now().strftime('%Y%m%d%H%M%S')
# timestamp=time.time()
# path = "/data/database/"
# file = "linzening-db-"+timestr+".sql.gz"
# os.system("/usr/bin/mysqldump -uroot -palpha linzening |gzip > "+path+file)

# auth = oss2.Auth('xx', 'xxx')
# bucket = oss2.Bucket(auth, 'http://oss-cn-shenzhen.aliyuncs.com', 'market-database')
# with open(path+file, 'rb') as fileobj:
#     current = fileobj.tell()
#     bucket.put_object('databases2021b/'+file, fileobj)
#     exit('upload.aliyun.oss.success')
# exit('upload.aliyun.oss.fail')
# EOF
# fi

#更新pip3
# python3 -m pip install --upgrade pip

# pip3 install oss2

# CREATE USER 'linzening'@'%' IDENTIFIED WITH mysql_native_password BY '***';
# GRANT ALL PRIVILEGES ON *.* TO 'linzening'@'%' WITH GRANT OPTION;
# ALTER USER 'linzening'@'%' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
# CREATE DATABASE IF NOT EXISTS `linzening`;
# GRANT ALL PRIVILEGES ON `linzening`.* TO 'linzening'@'%';
